RE: Issue: UNLOCK_WHAT_URL from Clemm, Geoff on 2002-07-08 (w3c-dist-auth@w3.org from July to September 2002)

From: Clemm, Geoff <gclemm@rational.com>
Date: Mon, 8 Jul 2002 16:11:15 -0400
To: w3c-dist-auth@w3.org
Message-ID: <3906C56A7BD1F54593344C05BD1374B103F8B325@SUS-MA1IT01>

I agree that an UNLOCK on a resource not locked by the
specified lock token MUST fail.

Cheers,
Geoff

-----Original Message-----
From: Jason Crawford [mailto:ccjason@us.ibm.com]
Sent: Monday, July 08, 2002 3:10 PM
To: Julian Reschke
Cc: w3c-dist-auth@w3.org
Subject: Issue: UNLOCK_WHAT_URL

I've changed the issue name to the one on the issue list that seems more
appropriate. See new Subject: line.

> So do we have agreement that *any* of the URIs affected by a deep lock can
> be used to do the UNLOCK operation?

The other question of that issue is... do we agree that if you request an
UNLOCK
on a resource that is not locked by that lock, that the request should fail?

I believe in previous discussions it was suggested that we should not allow
one
to specify a URL other than one that is locked by the lock. The reasoning
was
that in a virtual website where the URI space might be partitioned and
delegated 
across several machines (perhaps using intermachine BIND requests), it might
be 
burdensome for all machines of the virtual website to be familiar with all
locks.

Anyway, regardless of folks believing this, I'd like to confirm that UNLOCK
requests
specifying a request URI of an unlocked resource should be rejected.

Opinions?

J.

------------------------------------------
Phone: 914-784-7569, ccjason@us.ibm.com

"Julian Reschke" <julian.reschke@gmx.de>

"Julian Reschke" <julian.reschke@gmx.de>
Sent by: w3c-dist-auth-request@w3.org 
07/08/2002 07:24 AM

To: <w3c-dist-auth@w3.org>
cc: 
Subject: RE: root of a lock, was HOW_TO_IDENTIFY_LOCK_OWNER

> To: Daniel Brotsky <dbrotsky@adobe.com>
> Cc: "Clemm, Geoff" <gclemm@Rational.Com>, w3c-dist-auth@w3c.org
> Message-ID: <OF7C4220CB.830F87EE-ON85256B41.006F0EFA@pok.ibm.com>
> From: "Jason Crawford" <ccjason@us.ibm.com>
> Date: Mon, 14 Jan 2002 15:19:50 -0500
> Subject: RE: root of a lock, was HOW_TO_IDENTIFY_LOCK_OWNER
>
>
> > In addition to Geoff's answer:
> > If you are an administrator trying to unlock a resource obtained by
> > someone else, you have to be able to figure out which resource to
> > unlock. You can't unlock an internal member of a collection that's
> > locked by a depth-inifinity lock without knowing which collection was
> > actually locked.
>
> CAN'T?

(going back to an old discussion...)

RFC2518, 8.11 says [1]:

"The UNLOCK method removes the lock identified by the lock token in the
Lock-Token request header from the Request-URI, and all other resources
included in the lock. If all resources which have been locked under the
submitted lock token can not be unlocked then the UNLOCK request MUST fail.
"

So do we have agreement that *any* of the URIs affected by a deep lock can
be used to do the UNLOCK operation?

[1] <http://greenbytes.de/tech/webdav/rfc2518.html#METHOD_UNLOCK>

Received on Monday, 8 July 2002 16:11:47 UTC